PID 0 Parent PID 0 [System Process]
PID 4 Parent PID 0 SYSTEM
PID 532 Parent PID 4 kind {Session manager} C:\WINDOWS\system32\smss.exe
PID 824 Parent PID 532 kind {Client Server Runtime Process} C:\WINDOWS\system32\csrss.exe
PID 856 Parent PID 532 kind {WinLogon} C:\WINDOWS\system32\winlogon.exe
PID 900 Parent PID 856 kind {Services.exe} C:\WINDOWS\system32\services.exe
PID 912 Parent PID 856 kind {lsass} C:\WINDOWS\system32\lsass.exe
PID 1064 Parent PID 900 service {Ati HotKey Poller} C:\WINDOWS\system32\ati2evxx.exe
PID 1080 Parent PID 900 kind {DCom Server} C:\WINDOWS\system32\svchost.exe
PID 1172 Parent PID 900 kind {RPC Service} C:\WINDOWS\system32\svchost.exe
PID 1268 Parent PID 900 kind {DHCP Client} C:\WINDOWS\system32\svchost.exe
PID 1304 Parent PID 900 service {WudfSvc} C:\WINDOWS\system32\svchost.exe
PID 1356 Parent PID 856 service {Ati HotKey Poller} C:\WINDOWS\system32\ati2evxx.exe
PID 1488 Parent PID 900 kind {DNS Client} C:\WINDOWS\system32\svchost.exe
PID 1568 Parent PID 900 kind {WebClient} C:\WINDOWS\system32\svchost.exe
PID 1720 Parent PID 900 service {avast! Antivirus} C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PID 424 Parent PID 900 kind {Print Spooler} C:\WINDOWS\system32\spoolsv.exe
PID 1388 Parent PID 900 kind {WebClient} C:\WINDOWS\system32\svchost.exe
PID 1436 Parent PID 900 service {ACDaemon} C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PID 1640 Parent PID 900 service {FsUsbExService} C:\WINDOWS\system32\FsUsbExService.Exe
PID 2028 Parent PID 900 service {JavaQuickStarterService} C:\Program Files\Java\jre6\bin\jqs.exe
PID 168 Parent PID 900 service {Pml Driver HPZ12} C:\WINDOWS\system32\HPZipm12.exe
PID 700 Parent PID 900 kind {Windows Image Acquisition} C:\WINDOWS\system32\svchost.exe
PID 2240 Parent PID 2196 kind {Explorer} C:\WINDOWS\explorer.exe
PID 2540 Parent PID 900 kind {Application Layer Gateway Service} C:\WINDOWS\system32\alg.exe
PID 2752 Parent PID 2240 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PID 2760 Parent PID 2240 C:\WINDOWS\SOUNDMAN.EXE
PID 3216 Parent PID 900 service {WmiApSrv} C:\WINDOWS\system32\wbem\wmiapsrv.exe
PID 3292 Parent PID 2240 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PID 3368 Parent PID 2240 C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID 3396 Parent PID 2240 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PID 3416 Parent PID 2240 kind {CTF Loader} C:\WINDOWS\system32\ctfmon.exe
PID 3632 Parent PID 2240 C:\Program Files\Messenger\msmsgs.exe
PID 3848 Parent PID 2240 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PID 3956 Parent PID 2240 C:\Program Files\WinFast\Dongle Mini\Dongle Mini Device Utilities\RTLRCtl.exe
PID 192 Parent PID 2240 C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PID 228 Parent PID 2240 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PID 3152 Parent PID 3368 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PID 3160 Parent PID 2240 kind {Firefox browser} C:\Program Files\Mozilla Firefox\firefox.exe
PID 3588 Parent PID 3160 C:\Program Files\Mozilla Firefox\plugin-container.exe
PID 3812 Parent PID 2240 kind {Cmd.exe} C:\WINDOWS\system32\cmd.exe
PID 3112 Parent PID 3812 C:\Documents and Settings\Owner\Dokumenty\wincheck\wincheck.exe
MyWindowsChecker: len 13, kernel name ntkrnlpa.exe
HighestUserAddress: 7FFEFFFF
UserProbeAddress:   7FFF0000
SystemRangeStart:   80000000
NtMajorVersion: 5
NtMinorVersion: 1
BuildNumber:    2600
GlobalFlag: 0
Processors: 1
MmVerifierFlags 0
MmSystemSize    2 Large
DebuggerEnabled 0
DebuggerNotPresent 0
SafeBootMode    0
NXSupportPolicy 3
CR0 8001003B PE MP TS ET NE WP PG
CR4 000006F9 VME DE PSE PAE MCE PGE OSFXSR OSXMMEXCPT
WindowsType: Uniprocessor Free
KDDB:
 ETHREAD.StartAddress    224
 PsLoadedModuleList:     805540C0
 MmLoadedUserImageList:  80553F90
 KiProcessorBlock:       80552F40 (7BF40)
 KernelVerifier:         0
 KeBugCheckCallbackList: 805530F8 (7C0F8)
 MmNonPagedPoolStart:    81422000
 MmNonPagedPoolEnd:      FFBE0000
 MmPagedPoolStart:       E1000000
 MmPagedPoolEnd:         EB7FFFFF
 MmPageSize: 4096
Decode system scheme - simple
Decode scheme - simple
Driver RPHook loaded from C:\DOCUME~1\Owner\LOCALS~1\Temp\drv2
804D7000:1F9C00 flags C004000 LoadCount 1 \WINDOWS\system32\ntkrnlpa.exe
806D1000:20300 flags C004000 LoadCount 1 \WINDOWS\system32\hal.dll
F8B65000:2000 flags 9004000 LoadCount 3 \WINDOWS\system32\KDCOM.DLL
F8A75000:3000 flags 9004000 LoadCount 2 \WINDOWS\system32\BOOTVID.dll
F8471000:F3000 flags 9004000 LoadCount 1 spas.sys
F8B67000:2000 flags D004000 LoadCount 20 \WINDOWS\System32\Drivers\WMILIB.SYS
F8459000:18000 flags D004000 LoadCount 2 \WINDOWS\System32\Drivers\SCSIPORT.SYS
F842B000:2E000 flags 9004000 LoadCount 1 ACPI.sys
F841A000:11000 flags 9004000 LoadCount 1 pci.sys
F8665000:A000 flags 9004000 LoadCount 1 isapnp.sys
F8C2D000:1000 flags 9004000 LoadCount 1 pciide.sys
F88E5000:7000 flags D004000 LoadCount 1 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F8675000:B000 flags 9004000 LoadCount 1 MountMgr.sys
F83FB000:1F000 flags 9004000 LoadCount 1 ftdisk.sys
F88ED000:5000 flags 9004000 LoadCount 1 PartMgr.sys
F8685000:D000 flags 9004000 LoadCount 1 VolSnap.sys
F83E3000:18000 flags 9004000 LoadCount 1 atapi.sys
F83CC000:17000 flags 9004000 LoadCount 1 nvata.sys
F8695000:9000 flags 9004000 LoadCount 1 disk.sys
F86A5000:D000 flags D004000 LoadCount 2 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F83AC000:20000 flags 9004000 LoadCount 3 fltmgr.sys
F839A000:12000 flags 9004000 LoadCount 1 sr.sys
F86B5000:A000 flags 1004000 LoadCount 1 PxHelp20.sys
F8383000:17000 flags D004000 LoadCount 5 KSecDD.sys
F8370000:13000 flags 9004000 LoadCount 1 WudfPf.sys
F82E3000:8D000 flags 9004000 LoadCount 1 Ntfs.sys
F82B6000:2D000 flags D004000 LoadCount 16 NDIS.sys
F8288000:2E000 flags 9004000 LoadCount 1 aswNdis2.sys
F8B69000:2000 flags 9004000 LoadCount 1 aswNdis.sys
F826E000:1A000 flags 9004000 LoadCount 1 Mup.sys
F8885000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\AmdK8.sys
F33B8000:5000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbohci.sys
F25FB000:24000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\USBPORT.SYS
F33B0000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbehci.sys
F23C8000:233000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\ALCXWDM.SYS
F23A4000:24000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\portcls.sys
F2DB2000:F000 flags 9104000 LoadCount 2 \SystemRoot\system32\drivers\drmk.sys
F2381000:23000 flags 9104000 LoadCount 7 \SystemRoot\system32\drivers\ks.sys
F2DA2000:B000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\imapi.sys
F51D9000:8000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\Afc.sys
EF6B8000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\cdrom.sys
EF6A8000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\redbook.sys
EE59D000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\el90xbc5.sys
EE1E7000:3B6000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ati2mtag.sys
EE1D3000:14000 flags 9104000 LoadCount 6 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
EE19A000:39000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aji27yl6.SYS
EF698000:10000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\serial.sys
EFD3A000:4000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\serenum.sys
EE186000:14000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\parport.sys
EF688000:D000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\i8042prt.sys
F4546000:6000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\kbdclass.sys
EEA54000:1000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\audstub.sys
EF678000:D000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rasl2tp.sys
EF9A2000:3000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\ndistapi.sys
EE16F000:17000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndiswan.sys
EF668000:B000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspppoe.sys
EEF86000:C000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspptp.sys
EE8E2000:5000 flags 9104000 LoadCount 13 \SystemRoot\system32\DRIVERS\TDI.SYS
EE15E000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\psched.sys
EEF76000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\msgpc.sys
EE8DA000:5000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\ptilink.sys
EE8D2000:5000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspti.sys
EEF66000:A000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\termdd.sys
EE8CA000:6000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mouclass.sys
F8BF1000:2000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\swenum.sys
EE010000:5E000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\update.sys
EF99A000:4000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mssmbios.sys
EEF56000:A000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\NDProxy.SYS
EEF46000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\usbhub.sys
F8BF3000:2000 flags 9104000 LoadCount 3 \SystemRoot\system32\DRIVERS\USBD.SYS
F8BF7000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Fs_Rec.SYS
EE884000:1000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Null.SYS
F8BF9000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Beep.SYS
F51B1000:6000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\vga.sys
F8BFB000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\mnmdd.SYS
F8BFD000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\DRIVERS\RDPCDD.sys
F457E000:5000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Msfs.SYS
F4576000:8000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Npfs.SYS
EE706000:3000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rasacd.sys
B27CB000:13000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ipsec.sys
B2772000:59000 flags 9104000 LoadCount 3 \SystemRoot\system32\DRIVERS\tcpip.sys
B2758000:1A000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aswFW.SYS
B2732000:26000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ipnat.sys
EE792000:B000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aswTdi.SYS
B270A000:28000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\netbt.sys
EE0AE000:7000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aswRdr.SYS
B26E8000:22000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\afd.sys
EE782000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\netbios.sys
B26BD000:2B000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\rdbss.sys
B264D000:70000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb.sys
EE762000:B000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Fips.SYS
B2602000:4B000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aswSP.SYS
B2595000:6D000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aswSnx.SYS
F8905000:6000 flags 9104000 LoadCount 2 \SystemRoot\System32\Drivers\Aavmker4.SYS
F4340000:3000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\hidusb.sys
EE732000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F8A45000:7000 flags 9104000 LoadCount 2 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
EE14E000:9000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wanarp.sys
F295C000:7000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F2E59000:3000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mouhid.sys
B2584000:11000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Udfs.SYS
B256D000:17000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\dump_nvata.sys
F8BB1000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000:1C6000 flags 29104000 LoadCount 1 \SystemRoot\System32\win32k.sys
F8B25000:3000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\Dxapi.sys
EE076000:5000 flags 9104000 LoadCount 1 \SystemRoot\System32\watchdog.sys
BF000000:12000 flags 29104000 LoadCount 1 \SystemRoot\System32\drivers\dxg.sys
EE95F000:1000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\dxgthk.sys
BF012000:53000 flags 29104000 LoadCount 1 \SystemRoot\System32\ati2dvag.dll
BF065000:99000 flags 29104000 LoadCount 1 \SystemRoot\System32\ati2cqag.dll
BF0FE000:84000 flags 29104000 LoadCount 1 \SystemRoot\System32\atikvmag.dll
BF182000:4B000 flags 29104000 LoadCount 1 \SystemRoot\System32\atiok3x2.dll
BF1CD000:3A5000 flags 29104000 LoadCount 1 \SystemRoot\System32\ati3duag.dll
BF572000:28C000 flags 29104000 LoadCount 1 \SystemRoot\System32\ativvaxx.dll
BF9C6000:47000 flags 29104000 LoadCount 1 \SystemRoot\System32\ATMFD.DLL
F4344000:3000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aswFsBlk.SYS
F8A89000:4000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndisuio.sys
B02B3000:1A000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\aswMon2.SYS
B011E000:2D000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxdav.sys
F2FA7000:2000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\ParVdm.SYS
B0076000:58000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\srv.sys
AFEF9000:15000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\wdmaud.sys
F7D3E000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\sysaudio.sys
AFC39000:9000 flags 1004000 LoadCount 1 \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
AFD01000:10000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Cdfs.SYS
AFBE8000:41000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\HTTP.sys
AE050000:2B000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\kmixer.sys
F5856000:D000 flags 9104000 LoadCount 1 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\drv2
7C900000:B1000 flags 0 LoadCount 1 \WINDOWS\system32\ntdll.dll
10000000:22D000 flags 0 LoadCount 1 \Program Files\DAEMON Tools Lite\Engine.dll
Patched KeReleaseInStackQueuedSpinLockFromDpcLevel + C12
Patched KiDispatchInterrupt + 22A
KernelSection .text rva 600, size 6B6B0, 0x2606 relocs has 0x14 patched bytes !
Patched ZwReplyWaitReceivePortEx + 5EC
Patched ObMakeTemporaryObject by \SystemRoot\System32\Drivers\aswSP.SYS
Patched ObInsertObject by \SystemRoot\System32\Drivers\aswSP.SYS
Patched ZwCreateProcessEx by \SystemRoot\System32\Drivers\aswSP.SYS
KernelSection PAGE rva 87300, size E1D9E, 0x25E6 relocs has 0x15 patched bytes !
SDT entry 9 (ZwAddBootEntry) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 11 (ZwAllocateVirtualMemory) hooked \SystemRoot\System32\Drivers\aswSP.SYS!
SDT entry 19 (ZwClose) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 23 (ZwCreateEvent) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 24 (ZwCreateEventPair) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 26 (ZwCreateIoCompletion) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 29 (ZwCreateKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 2B (ZwCreateMutant) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 32 (ZwCreateSection) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 33 (ZwCreateSemaphore) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 36 (ZwCreateTimer) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 3D (ZwDeleteBootEntry) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 3F (ZwDeleteKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 41 (ZwDeleteValueKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 44 (ZwDuplicateObject) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 47 (ZwEnumerateKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 49 (ZwEnumerateValueKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 53 (ZwFreeVirtualMemory) hooked \SystemRoot\System32\Drivers\aswSP.SYS!
SDT entry 61 (ZwLoadDriver) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 6D (ZwModifyBootEntry) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 6F (ZwNotifyChangeKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 70 (ZwNotifyChangeMultipleKeys) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 72 (ZwOpenEvent) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 73 (ZwOpenEventPair) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 75 (ZwOpenIoCompletion) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 77 (ZwOpenKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 78 (ZwOpenMutant) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 7A (ZwOpenProcess) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 7D (ZwOpenSection) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 7E (ZwOpenSemaphore) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 80 (ZwOpenThread) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 83 (ZwOpenTimer) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 89 (ZwProtectVirtualMemory) hooked \SystemRoot\System32\Drivers\aswSP.SYS!
SDT entry A0 (ZwQueryKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry A3 (ZwQueryObject) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry B1 (ZwQueryValueKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry C0 (ZwRenameKey) hooked \SystemRoot\System32\Drivers\aswSP.SYS!
SDT entry CC (ZwRestoreKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry D3 (ZwSetBootEntryOrder) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry D4 (ZwSetBootOptions) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry F0 (ZwSetSystemInformation) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry F1 (ZwSetSystemPowerState) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry F7 (ZwSetValueKey) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry F9 (ZwShutdownSystem) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry FF (ZwSystemDebugControl) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
SDT entry 10C (ZwVdmControl) hooked \SystemRoot\System32\Drivers\aswSnx.SYS!
ObType Directory:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Mutant:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80535430 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Thread:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805C8204 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType FilterCommunicationPort:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       F83C090A fltmgr.sys
 DeleteProcedure:      F83C0190 fltmgr.sys
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Controller:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Profile:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      8060E5CA \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Event:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Type:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805B704E \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Section:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      8059DE60 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType EventPair:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType SymbolicLink:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805B96C2 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       805B9384 \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Desktop:
 DumpProcedure:        00000000 
 OpenProcedure:        80604236 \WINDOWS\system32\ntkrnlpa.exe
 CloseProcedure:       80604114 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      806041EC \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 8060417A \WINDOWS\system32\ntkrnlpa.exe
ObType Timer:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80534F96 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType File:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       80578BD2 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      80578ECA \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       80578B04 \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    8057929A \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   80577BAE \WINDOWS\system32\ntkrnlpa.exe
 OkayToCloseProcedure: 00000000 
ObType WindowStation:
 DumpProcedure:        00000000 
 OpenProcedure:        80604236 \WINDOWS\system32\ntkrnlpa.exe
 CloseProcedure:       80604114 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      806041EC \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       806042AA \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 8060417A \WINDOWS\system32\ntkrnlpa.exe
ObType Driver:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      80578B5C \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType WmiGuid:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       805FA9C0 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      805FAA1E \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805FAF20 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType KeyedEvent:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Device:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805790B4 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       80577D16 \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    8057929A \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Token:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805EF034 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType DebugObject:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       8063A36E \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      805629DA \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType IoCompletion:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      8056E13E \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Process:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805C807C \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Adapter:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Key:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       8062E7EC \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      8062E6D2 \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       8062658A \WINDOWS\system32\ntkrnlpa.exe
 SecurityProcedure:    8062E536 \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   8062D56C \WINDOWS\system32\ntkrnlpa.exe
 OkayToCloseProcedure: 00000000 
ObType Job:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       805CCCC0 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      805CBF2A \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType WaitablePort:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       8059BCF4 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      8059BD2C \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Port:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       8059BCF4 \WINDOWS\system32\ntkrnlpa.exe
 DeleteProcedure:      8059BD2C \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Callback:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      805629DA \WINDOWS\system32\ntkrnlpa.exe
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType FilterConnectionPort:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       F83C01AA fltmgr.sys
 DeleteProcedure:      F83C01CA fltmgr.sys
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 
ObType Semaphore:
 DumpProcedure:        00000000 
 OpenProcedure:        00000000 
 CloseProcedure:       00000000 
 DeleteProcedure:      00000000 
 ParseProcedure:       00000000 
 SecurityProcedure:    805EEEBA \WINDOWS\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000 
 OkayToCloseProcedure: 00000000 

Callbacks:
CB: aswKLib, total 1:
  B26273DA (\SystemRoot\System32\Drivers\aswSP.SYS)
CB: SetSystemState, total 0:
CB: NdisBindUnbind, total 0:
CB: PowerState, total 7:
  806D76FA (\WINDOWS\system32\hal.dll)
  F8439568 (ACPI.sys)
  F82B714D (NDIS.sys)
  F888E4FA (\SystemRoot\system32\DRIVERS\AmdK8.sys)
  EE18A490 (\SystemRoot\system32\DRIVERS\parport.sys)
  F23CBB3A (\SystemRoot\system32\drivers\ALCXWDM.SYS)
  EE1EC8F8 (\SystemRoot\system32\DRIVERS\ati2mtag.sys)
CB: TcpConnectionCallback, total 1:
  B27399D0 (\SystemRoot\system32\DRIVERS\ipnat.sys)
CB: SetSystemTime, total 0:
CB: aswKLibInitialized, total 3:
  F82AA9A8 (aswNdis2.sys)
  EE797906 (\SystemRoot\System32\Drivers\aswTdi.SYS)
  EE0B0D78 (\SystemRoot\System32\Drivers\aswRdr.SYS)

bugcheck callbacks - 5:
  F82BA5EF (NDIS.sys)
  F82BA5EF (NDIS.sys)
  F82BA5EF (NDIS.sys)
  F84AFA28 (spas.sys)
  806D87CC (\WINDOWS\system32\hal.dll)

bugcheck reason callbacks - 8:
  EE1E9D6E (\SystemRoot\system32\DRIVERS\ati2mtag.sys)
  EF99AAB8 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  EF99AA70 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  EF99AA28 (\SystemRoot\system32\DRIVERS\mssmbios.sys)
  EE1D4522 (\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS)
  F26091BE (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
  F260911E (\SystemRoot\system32\DRIVERS\USBPORT.SYS)
  F84AF9E4 (spas.sys)

Process notifiers:
[0] F84932EE spas.sys
[1] B2627A74 \SystemRoot\System32\Drivers\aswSP.SYS
[2] B25B1924 \SystemRoot\System32\Drivers\aswSnx.SYS
[3] F89057A4 \SystemRoot\System32\Drivers\Aavmker4.SYS
[4] EE1EDACC \SystemRoot\system32\DRIVERS\ati2mtag.sys

Thread notifiers:
[0] B26277E4 \SystemRoot\System32\Drivers\aswSP.SYS
[1] B25ADB6A \SystemRoot\System32\Drivers\aswSnx.SYS

Image notifiers:
[0] 825E4196 UNKNOWN
[1] B26276D0 \SystemRoot\System32\Drivers\aswSP.SYS
[2] B25B0B56 \SystemRoot\System32\Drivers\aswSnx.SYS

FS Change notifiers: 3 (actual 3)
DriverObj 825D3E20 addr F83A5876 sr.sys
DriverObj 824BF978 addr F83BC4B8 fltmgr.sys
DriverObj 82430F38 addr B02B52F6 \SystemRoot\System32\Drivers\aswMon2.SYS

LogonSessionTerminatedRoutines: 1
[0] B2662375 \SystemRoot\system32\DRIVERS\mrxsmb.sys

Callouts (16):
 PspW32ProcessCallout: BF85402A \SystemRoot\System32\win32k.sys
 PspW32ThreadCallout: BF819E0E \SystemRoot\System32\win32k.sys
 ExGlobalAtomTableCallout: BF819AE5 \SystemRoot\System32\win32k.sys
 PopEventCallout: BF894047 \SystemRoot\System32\win32k.sys
 PopStateCallout: BF933941 \SystemRoot\System32\win32k.sys
 PspW32JobCallout: BF873C38 \SystemRoot\System32\win32k.sys
 KeGdiFlushUserBatch: BF80C3D1 \SystemRoot\System32\win32k.sys
 ExDesktopOpenProcedureCallout: BF856BBE \SystemRoot\System32\win32k.sys
 ExDesktopOkToCloseProcedureCallout: BF8582E3 \SystemRoot\System32\win32k.sys
 ExDesktopCloseProcedureCallout: BF858327 \SystemRoot\System32\win32k.sys
 ExDesktopDeleteProcedureCallout: BF91AFC3 \SystemRoot\System32\win32k.sys
 ExWindowStationOkToCloseProcedureCallout: BF85801E \SystemRoot\System32\win32k.sys
 ExWindowStationCloseProcedureCallout: BF858152 \SystemRoot\System32\win32k.sys
 ExWindowStationDeleteProcedureCallout: BF91B05A \SystemRoot\System32\win32k.sys
 ExWindowStationParseProcedureCallout: BF856BFF \SystemRoot\System32\win32k.sys
 ExWindowStationOpenProcedureCallout: BF859290 \SystemRoot\System32\win32k.sys

Pnp Notifiers: total 23, readed 23
Pnp[0] CategoryHardwareProfileChange KSCATEGORY_AUDIO addr F7D47FCC \SystemRoot\system32\drivers\sysaudio.sys
Pnp[1] CategoryHardwareProfileChange DEVINTERFACE_HID addr 805BEEB6 \WINDOWS\system32\ntkrnlpa.exe
Pnp[2] CategoryHardwareProfileChange DEVICE_THERMAL_ZONE addr 805BEEB6 \WINDOWS\system32\ntkrnlpa.exe
Pnp[3] CategoryHardwareProfileChange DEVINTERFACE_HID addr BF882CFE \SystemRoot\System32\win32k.sys
Pnp[4] CategoryHardwareProfileChange DEVICE_SYS_BUTTON addr 805BEEB6 \WINDOWS\system32\ntkrnlpa.exe
Pnp[5] CategoryHardwareProfileChange SYSAUDIO addr AFF0044E \SystemRoot\system32\drivers\wdmaud.sys
Pnp[6] CategoryHardwareProfileChange SYSAUDIO addr AFF0044E \SystemRoot\system32\drivers\wdmaud.sys
Pnp[7] CategoryHardwareProfileChange SYSAUDIO addr AFF0044E \SystemRoot\system32\drivers\wdmaud.sys
Pnp[8] CategoryHardwareProfileChange SYSAUDIO addr AFF0044E \SystemRoot\system32\drivers\wdmaud.sys
Pnp[9] CategoryHardwareProfileChange SYSAUDIO addr AFF0044E \SystemRoot\system32\drivers\wdmaud.sys
Pnp[10] CategoryHardwareProfileChange DEVINTERFACE_DISK addr F84957A6 spas.sys
Pnp[11] CategoryHardwareProfileChange DEVINTERFACE_MOUSE addr BF882CFE \SystemRoot\System32\win32k.sys
Pnp[12] CategoryHardwareProfileChange DEVINTERFACE_CDROM addr F84957A6 spas.sys
Pnp[13] CategoryHardwareProfileChange DEVINTERFACE_CDROM addr BF883925 \SystemRoot\System32\win32k.sys
Pnp[14] CategoryHardwareProfileChange PREFERRED_WAVEOUT_DEVICE addr EF6ABAC0 \SystemRoot\system32\DRIVERS\redbook.sys
Pnp[15] CategoryHardwareProfileChange PREFERRED_WAVEOUT_DEVICE addr EF6ABAC0 \SystemRoot\system32\DRIVERS\redbook.sys
Pnp[16] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr F867DC26 MountMgr.sys
Pnp[17] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr F84957A6 spas.sys
Pnp[18] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr F868D544 VolSnap.sys
Pnp[19] CategoryHardwareProfileChange DEVINTERFACE_KEYBOARD addr BF882CFE \SystemRoot\System32\win32k.sys
Pnp[20] CategoryHardwareProfileChange DEVCLASS_BATTERY addr 805BEEB6 \WINDOWS\system32\ntkrnlpa.exe
Pnp[21] CategoryHardwareProfileChange VOLMGR_VOLUME_MANAGER addr F88EE85E PartMgr.sys
Pnp[22] CategoryHardwareProfileChange ACOUSTIC_ECHO_CANCEL addr F7D47FCC \SystemRoot\system32\drivers\sysaudio.sys
drivers_cfg::read: cannot open drivers config file C:\Documents and Settings\Owner\Dokumenty\wincheck\config\drivers.cfg, error 2

Driver ACPI:
 DriverUnload patched by spas.sys, addr F84B1AFE

Driver Ftdisk:
 DriverUnload patched by spas.sys, addr F84B1AFE
 Handler MJ_CREATE patched, addr 825E01F8
 Handler MJ_READ patched, addr 825E01F8
 Handler MJ_WRITE patched, addr 825E01F8
 Handler MJ_FLUSH_BUFFERS patched, addr 825E01F8
 Handler MJ_DEVICE_CONTROL patched, addr 825E01F8
 Handler MJ_INTERNAL_DEVICE_CONTROL patched, addr 825E01F8
 Handler MJ_SHUTDOWN patched, addr 825E01F8
 Handler MJ_CLEANUP patched, addr 825E01F8
 Handler MJ_POWER patched, addr 825E01F8
 Handler MJ_SYSTEM_CONTROL patched, addr 825E01F8
 Handler MJ_PNP patched, addr 825E01F8

Driver atapi:
 DriverUnload patched by spas.sys, addr F84B1AFE

Driver Disk:
 DriverUnload patched by spas.sys, addr F84B1AFE
 Handler MJ_CREATE patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86ABBB0
 Handler MJ_CLOSE patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86ABBB0
 Handler MJ_READ patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86A5D1F
 Handler MJ_WRITE patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86A5D1F
 Handler MJ_FLUSH_BUFFERS patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86A62E2
 Handler MJ_DEVICE_CONTROL patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86A63BB
 Handler MJ_INTERNAL_DEVICE_CONTROL patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86A9F28
 Handler MJ_SHUTDOWN patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86A62E2
 Handler MJ_POWER patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86A7C82
 Handler MJ_SYSTEM_CONTROL patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86AC99E
 Handler MJ_PNP patched by \WINDOWS\system32\DRIVERS\CLASSPNP.SYS, addr F86ABC93

Driver Ntfs:
 DriverUnload patched by spas.sys, addr F84B1AFE
 Handler MJ_CREATE patched by \SystemRoot\System32\Drivers\aswSP.SYS, addr B26202C0
 Handler MJ_CLOSE patched by \SystemRoot\System32\Drivers\aswSP.SYS, addr B2620300
 Handler MJ_READ patched, addr 825DE1F8
 Handler MJ_WRITE patched by \SystemRoot\System32\Drivers\aswSP.SYS, addr B26203C8
 Handler MJ_QUERY_INFORMATION patched, addr 825DE1F8
 Handler MJ_SET_INFORMATION patched by \SystemRoot\System32\Drivers\aswSP.SYS, addr B2620408
 Handler MJ_QUERY_EA patched, addr 825DE1F8
 Handler MJ_SET_EA patched, addr 825DE1F8
 Handler MJ_FLUSH_BUFFERS patched, addr 825DE1F8
 Handler MJ_QUERY_VOLUME_INFORMATION patched, addr 825DE1F8
 Handler MJ_SET_VOLUME_INFORMATION patched, addr 825DE1F8
 Handler MJ_DIRECTORY_CONTROL patched, addr 825DE1F8
 Handler MJ_FILE_SYSTEM_CONTROL patched, addr 825DE1F8
 Handler MJ_DEVICE_CONTROL patched, addr 825DE1F8
 Handler MJ_SHUTDOWN patched, addr 825DE1F8
 Handler MJ_LOCK_CONTROL patched, addr 825DE1F8
 Handler MJ_CLEANUP patched by \SystemRoot\System32\Drivers\aswSP.SYS, addr B2620364
 Handler MJ_QUERY_SECURITY patched, addr 825DE1F8
 Handler MJ_SET_SECURITY patched, addr 825DE1F8
 Handler MJ_QUERY_QUOTA patched, addr 825DE1F8
 Handler MJ_SET_QUOTA patched, addr 825DE1F8
 Handler MJ_PNP patched, addr 825DE1F8
 FastIOHandler FastIoQueryOpen patched, addr 825DE368

Driver NetBT:
 DriverUnload patched by spas.sys, addr F84B1AFE
 Handler MJ_CREATE patched, addr 82079500
 Handler MJ_CLOSE patched, addr 82079500
 Handler MJ_DEVICE_CONTROL patched, addr 82079500
 Handler MJ_INTERNAL_DEVICE_CONTROL patched, addr 82079500
 Handler MJ_CLEANUP patched, addr 82079500
 Handler MJ_PNP patched, addr 82079500

Driver USBSTOR:
 DriverUnload patched by spas.sys, addr F84B1AFE
 Handler MJ_CREATE patched, addr 8220C500
 Handler MJ_CLOSE patched, addr 8220C500
 Handler MJ_READ patched, addr 8220C500
 Handler MJ_WRITE patched, addr 8220C500
 Handler MJ_DEVICE_CONTROL patched, addr 8220C500
 Handler MJ_INTERNAL_DEVICE_CONTROL patched, addr 8220C500
 Handler MJ_POWER patched, addr 8220C500
 Handler MJ_SYSTEM_CONTROL patched, addr 8220C500
 Handler MJ_PNP patched, addr 8220C500
Shadow SDT: BF99CB80, limit 29B
Patched NtUserCallHwndParamLock by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSystemParametersInfo by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserOpenDesktop by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserBuildNameList by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetWindowsHookEx by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSwitchDesktop by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserDestroyWindow by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSendInput by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetClipboardViewer by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserGetClipboardData by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetWinEventHook by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserSetSysColors by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserBlockInput by \SystemRoot\System32\Drivers\aswSnx.SYS
Patched NtUserRegisterRawInputDevices by \SystemRoot\System32\Drivers\aswSnx.SYS
Driver C:\WINDOWS\system32\win32k.sys!.text has 46 patched bytes !
IAT atapi.sys HAL.dll.READ_PORT_UCHAR patched by spas.sys, addr F8473042
IAT atapi.sys HAL.dll.READ_PORT_BUFFER_USHORT patched by spas.sys, addr F847313E
IAT atapi.sys HAL.dll.READ_PORT_USHORT patched by spas.sys, addr F84730C0
IAT atapi.sys HAL.dll.WRITE_PORT_BUFFER_USHORT patched by spas.sys, addr F8473800
IAT atapi.sys HAL.dll.WRITE_PORT_UCHAR patched by spas.sys, addr F84736D6
atapi.sys has 5 patched IAT entries (total 122)
ks count: 0
ShimModule: C:\WINDOWS\system32\ShimEng.dll (5D060000)
RtlpStartThreadFunc: C:\WINDOWS\system32\kernel32.dll (7C812A20)
RtlpExitThreadFunc: C:\WINDOWS\system32\kernel32.dll (7C80C280)
LdrpManifestProberRoutine: C:\WINDOWS\system32\kernel32.dll (7C8112B0)
Patched RtlDosSearchPath_U + 186
Module C:\WINDOWS\system32\ntdll.dll!.text has 1 patched bytes !
UnhandledExceptionFilter: C:\Documents and Settings\Owner\Dokumenty\wincheck\wincheck.exe (004A017D)
ConsoleCtrlHandler: C:\WINDOWS\system32\kernel32.dll (7C8763B1)
Patched GetBinaryTypeW + 80
Module C:\WINDOWS\system32\kernel32.dll!.text has 1 patched bytes !
apfn pfnFindResourceExA patched by C:\WINDOWS\system32\kernel32.dll, addr 7C835FA8
apfn pfnLoadResource patched by C:\WINDOWS\system32\kernel32.dll, addr 7C80A055
apfn pfnSizeofResource patched by C:\WINDOWS\system32\kernel32.dll, addr 7C80BD09
Check took 4265 msecs
